[PATCH] Specify PAM Service name in sshd_config

Ben Lindstrom mouring at eviladmin.org
Tue May 14 06:21:14 EST 2013 

Best to create a bug in the  bugzilla ( https://bugzilla.mindrot.org/ ) as it will not be lost as easy as if it is just attached to a random email.

- Ben

On May 13, 2013, at 3:05 PM, "Schmidt, Kenneth P" <kenneth.schmidt at pnnl.gov> wrote:

> Seems as though somewhere along the way the attachment got stripped.  Lets
> see if it makes it through this time.
> 
> On 5/13/13 9:22 a.m., "Schmidt, Kenneth P" <kenneth.schmidt at pnnl.gov>
> wrote:
> 
>> Hello All,
>> 
>> The attached patch allows openssh to specify which pam service name to
>> authenticate users against by specifying the PAMServiceName attribute in
>> the sshd_config file.  Because the parameter can be included in the Match
>> directive sections, it allows different authentication based on the Match
>> directive.  In our case, we use it to allow different levels of
>> authentication based on the source of the authentication attempts
>> (securID auth in untrusted zones, password auth in trusted zones).  The
>> default is still to use the binary name.
>> 
>> ____________________________________________
>> Ken Schmidt
>> Research Scientist, Molecular Science Computing Operations
>> EMSL: Environmental Molecular Sciences Laboratory
>> 
>> Pacific Northwest National Laboratory
>> 902 Battelle Boulevard
>> P.O. Box 999, MSIN K8-83
>> Richland, WA  99352 USA
>> Tel:  509-371-6107
>> Fax: 509-371-6110
>> Kenneth.schmidt at pnnl.gov
>> www.emsl.pnl.gov
>> 
>> This material was prepared as an account of work sponsored by an agency of
>> the United States Government.  Neither the United States Government nor
>> the United States Department of Energy, nor any of their employees, nor
>> Battelle Memorial Institute nor any of its employees, makes any warranty,
>> express or implied, or assumes any legal liability or responsibility for
>> the accuracy, completeness, or usefulness or any information, apparatus,
>> product, or process disclosed, or represents that its use would not
>> infringe privately owned rights.
> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

More information about the openssh-unix-dev mailing list